Unify the current data protection privacy laws throughout the EU, and
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Founded on the fundamentals of privacy by design and a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The GDPR is a new legal framework from the EU that takes effect on May 25, 2018. It‟s an updated version of the Data Protection Directive.
This law is designed to accomplish two main things:
Unify the current data protection privacy laws throughout the EU, and
Enhance the rights of citizens of the EU to protect their personal information
The GDPR applies to any business that does one or both of the following:
Based on the above premise the GDPR Applies to ABans Global Limited (AGL)
AGL("we" or "us‟ or "our‟) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection framework in place which complies with existing law and abides by the data protection principles. However, we recognize the requirement and importance of updating and expanding this program to meet the demands of the GDPR and the UK‟s Data Protection Bill.
AGL is dedicated to safeguarding the personal information under our responsibility and to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation.
The Board of Directors and management of ABans Global Limited (AGL) are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whose information AGL collects and processes in accordance with the General Data Protection Regulation (GDPR).
AGL‟s compliance with the GDPR is described by this policy and applies to all of AGL‟s personal data processing functions, including those performed on customers‟, clients‟, employees‟, suppliers‟ and partners‟ personal data, and any other personal data the organization processes from any source.
This policy applies to all Employees/Staff and interested parties of AGL such as outsourced suppliers. Any breach of the GDPR will be dealt with under AGL‟s disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities.
All third parties working with or for AGL, and who have or may have access to personal data, will be expected to have read, understood and to comply with this policy. No third party may access personal data held by AGL without having first entered into a data confidentiality agreement, which imposes on the third party obligations no less onerous than those to which AGL is committed, and which gives AGL the right to audit compliance with the agreement.
AGL lists six legitimate purposes and processing of personal data must be linked to one of these.
While the Data Protection Directive only applied to data controllers, the GDPR now applies to data processors as well. Data controllers must now conduct Data Privacy Impact Assessments(DPIAs) and add more thorough methods of obtaining consent for collecting data.
Data processors will have to start keeping written records, increasing security measures to protect data and notify data controllers of any breaches that occur with the data.
The GDPR requires that clients of AGL are provided with thorough information about how their personal data is processed.
According to Article 12 of the GDPR, AGL will need to communicate information about how its processes personal data in a way that‟s:
This can be accomplished with a good Privacy Policy and privacy notices.
Through the Privacy Policy AGL will let its users know:
AGL collects personal information from you which include your name, address, telephone number and E-Mail address, when you enter such information on the website, or when you open an account with AGL. If you are already a client of AGL, we may also be required to collect other additional information such as your financials and other types of personal information from you in accordance with the rules and regulations of our regulator, the Financial Conduct Authority (“FCA”).
In addition to the above, if you are an existing client of AGL and you wish to have online access to view statements and other information relating to your account, we will ask you to provide information about yourself for security, identification and verification purposes.
When you visit our site, we may also log your IP address, a unique identifier for your computer or other access device.
We will use your personal information for the purposes of providing the services you have requested, for administration and customer services, for credit scoring, for marketing, for research/statistical analysis purposes and to ensure that the content, services and advertising that we offer are tailored to your needs and interests. We may keep your information for a reasonable period for these purposes. We may need to share your information with our service providers and agents for these purposes.
In assessing your application to open an account, to prevent fraud, to check your identity and to prevent money laundering, we may search the files of credit reference agencies who will record any credit searches on your file. The information will be used by other credit grantors for making credit decisions about you and the people with whom you are financially associated, for fraud prevention, money laundering prevention and occasionally for tracing debtors. Information used for these purposes will include publicly available information such as electoral roll, county court judgments, bankruptcy orders or repossessions.
We may disclose personal data in order to comply with a legal or regulatory obligation.
We may contact you by mail, telephone, fax, e-mail or other electronic messaging service with offers of services or information that may be of interest to you. By providing us with your fax number, telephone numbers or email address you consent to being contacted by these methods for these purposes. If you do not wish to receive marketing information from us, please tick the relevant box.
Any information which we send to you by e-mail will not be encrypted. We cannot guarantee confidentiality of e-mails that you send to us.
By providing us with your personal information, you consent to our processing your sensitive personal data, such as criminal convictions, for the above purposes.
If you provide us with information about another person, you confirm that they have appointed you to act for them, to consent to the processing of their personal data including sensitive personal data and that you have informed them of our identity and the purposes (as set out above) for which their personal data will be processed.
We also take appropriate measures to ensure that the information disclosed to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used.
You are entitled to ask for a copy of the information we hold about you (for which we may charge a small fee) and to have any inaccuracies in your information corrected.
AGL has outsourced its certain non-critical activities to its parent entity, ABSPL. An outsourcing service agreement has been executed to define the terms of the engagement of services whereby both the parties are required to use reasonable efforts to cause its respective agents, employees, and representatives to minimize distribution and duplication and prevent unauthorized disclosure of the Confidential Information of the other Party. No Party will disclose the other Party‟s Confidential Information to a third party without the prior written consent of the other Party. AGL and its outsourcing agent shall comply, at all times, with any and all applicable laws relating to personal data protection and any and all legal conditions that must be satisfied in relation to the collection, transfer, processing, storage, and destruction of personal data (i.e. data that is capable of personally identifying any individual). Appropriate technical and organizational measures have been taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. The Data Protection Act, 1988 is applicable to the agreement made between the parties.
Since the data is transferred to India, a country located outside the European Economic Area, the Data Processor (ABSPL) ensures adequate level of protection all the time till the Company is handling personal data of another country. To ensure adequate level of protection the Data controller (AGL) makes sure to verify the protection for the rights of the individuals whose personal data are transferred.
AGL, the data controller takes into account all critical factors at the periodic interval to assess the adequacy and top protect the right of individuals, and also periodically scrutinizes the security measures taken in respect of the personal data in the country or territory where the data has been received. Confidentiality clause is upheld with extreme importance at all the point of time.
For quality control, regulatory and training purposes, we will monitor or record your communications with us.
If your personal details change, if you change your mind about any of your marketing preferences or if you have any queries about how we use your information, please let us know by email: compliance@abansglobal.co.uk. We will update our records when you inform us that your details have changed
AGL will provide easy to access information of an individual‟s right to access any personal information that it processes about them and to request information about:
AGL will have a designated Data Protection Officer (DPO) who will be responsible to implement the new data protection Regulation. The DPO and his team will be responsible for promoting awareness of the GDPR across the organization and assessing the robustness of our GDPR, identifying any gap areas and mitigating them in addition to implementing the new policies, procedures and measures.
The eight Principles require that personal information: